[Snyk] Upgrade mocha from 10.8.2 to 11.7.1

[Dargon789]

Snyk has created this PR to upgrade mocha from 10.8.2 to 11.7.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released 3 months ago.

Release notes

Package name: mocha

• 11.7.1 - 2025-06-24
  

  11.7.1 (2025-06-24)

  🩹 Fixes

  • always fallback to import() if require() fails (#5384) (295c168)

  🧹 Chores

  • add esm loader test (#5383) (f58e49f)
• 11.7.0 - 2025-06-18
  

  11.7.0 (2025-06-18)

  🌟 Features

  • use require to load esm (#5366) (41e24a2)
• 11.6.0 - 2025-06-09
  

  11.6.0 (2025-06-09)

  🌟 Features

  • bump workerpool from ^6.5.1 to ^9.2.0 (#5350) (581a3c5)
• 11.5.0 - 2025-05-23
  

  11.5.0 (2025-05-22)

  🌟 Features

  • bump mimimatch from ^5.1.6 to ^9.0.5 (#5349) (a3dea85)
• 11.4.0 - 2025-05-19
  

  11.4.0 (2025-05-19)

  🌟 Features

  • bump diff from ^5.2.0 to ^7.0.0 (#5348) (554d6bb)

  📚 Documentation

  • added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)
• 11.3.0 - 2025-05-16
  

  11.3.0 (2025-05-16)

  🌟 Features

  • add option to use posix exit code upon fatal signal (#4989) (91bbf85)

  📚 Documentation

  • Deploy new site alongside old one (#5360) (6c96545)
  • mention explicit browser support range (#5354) (c514c0b)
  • update Node.js version requirements for 11.x (#5329) (abf3dd9)

  🧹 Chores

  • remove prerelease setting in release-please config (#5363) (8878f22)
• 11.2.2 - 2025-04-10
  

  11.2.2 (2025-04-10)

  🩹 Fixes

  • deps: update chokidar to v4 (#5256) (8af0f1a)

  📚 Documentation

  • add ClientRedirects.astro (#5324) (b88d441)
  • add example/tests.html to docs-next (#5325) (6ec5762)
• 11.2.1 - 2025-04-10
  

  11.2.1 (2025-04-10)

  🩹 Fixes

  • switch from ansi-colors to picocolors (#5323) (7c08d09)

  📚 Documentation

  • fix new website typos, improve readability (#5312) (fbceb19)

  🧹 Chores

  • "force" Netlify to use npm to build new site (#5319) (3a46855)
  • Fix tests (#5320) (18699a0)
• 11.2.0 - 2025-03-17
  

  11.2.0 (2025-03-17)

  🌟 Features

  • enable reporters to show relative paths of tests (#5292) (81ea666)

  📚 Documentation

  • add instructions for API docs (#5287) (b720ec1)
  • add new website using Astro Starlight (#5246) (b1f1cb7)
  • improve third-party reporter docs (#5285) (c5a0ef5)

  🧹 Chores

  • enabled eslint-plugin-n (#5280) (945d6e3)
  • pin node-lts tests to 22.11.0 (#5279) (664e1f4)
  • replace fs-extra with newer fs built-ins (#5284) (75dcf8c)
• 11.1.0 - 2025-01-02
  

  11.1.0 (2025-01-02)

  🌟 Features

  • bump yargs to 17 (#5165) (8f1c8d8)
    • Note that this also included a version bump of yargs-parser from ^20.2.9 to ^21.1., which fixed a bug that caused extra quotes in file paths to be removed.
      See #5341 for more information.
• 11.0.2 - 2024-12-09
• 11.0.1 - 2024-12-02
• 11.0.0 - 2024-11-11
• 11.0.0-beta - 2024-11-23
• 10.8.2 - 2024-10-30

from mocha GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 4 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/dargon789s-projects?upgradeToPro=build-rate-limit

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the mocha testing framework to its latest stable version. This upgrade is crucial for maintaining dependency health and incorporating the latest features and fixes, including improvements to ESM loading and updated internal dependencies. Due to the significant version jump, thorough testing is advised to ensure compatibility and prevent regressions.

Highlights

• Mocha Dependency Upgrade: The mocha testing framework has been upgraded from version 10.8.2 to 11.7.1.
• Potential Breaking Changes: This is a major version upgrade across multiple 11.x releases, which may introduce breaking changes. Review of the detailed release notes is recommended to understand new features, fixes, and potential impacts.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/mocha	^11.7.1	🟢 7.3	Details Check Score Reason Code-Review 🟢 9 Found 26/27 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Vulnerabilities ⚠️ 0 60 existing vulnerabilities detected

Scanned Files

• packages/hardhat-truffle5/package.json

[gemini-code-assist]

Code Review

This pull request upgrades mocha from version 10 to 11. This is a major version upgrade which, as noted in the PR description, may introduce breaking changes. The most significant one is that Mocha v11 requires a newer version of Node.js (v18.12.0+ or v20.6.0+). I've added a comment suggesting that the engines field be added to package.json to reflect this new requirement and prevent issues for users of this package. Otherwise, the change looks good.

[gemini-code-assist]

Upgrading mocha to a new major version (v11) introduces a higher minimum Node.js version requirement. Mocha v11 requires Node.js v18.12.0 or newer, or v20.6.0 or newer.

While the development environment seems to use a compatible Node.js version, this package does not declare its supported Node.js versions. To prevent potential runtime issues for consumers of @nomiclabs/hardhat-truffle5 on older Node.js versions, it's highly recommended to add an engines field to package.json.

For example:

"engines": {
  "node": ">=18.12.0"
}

This will ensure that npm or yarn will show a warning if the package is installed on an incompatible Node.js version.